Best Practices In Cybersecurity Every Organizations Must Have In Place

Kiran Vangaveti having completed his master’s degree in Computer Science from University of NewPort, Kiran has over 24 years of experience in across various areas of cybersecurity. Prior to incepting BluSapphire in 2017, he has successfully handled key leadership and managerial positions across various companies such as Tudor Investment Corporation, GE Capital, Praxair, Arisglobal, and Avantel Software, to name a few.

In a recent conversation with Prisila(Correspondent, Asia Business Outlook), Kiran shared his insights on the current cybersecurity space across the world, emerging trends and many other interesting aspects. Below are a few extracts from the exclusive interview –

What are the primary cybersecurity threats that enterprises across different industry verticals face?

Today, the biggest cyber threat is ransomware, where organizations are facing the serious problem of cyber criminals getting into their systems, stealing data, encrypting it and holding it for ransom. This is the no.1 cyber threat organizations across all industries are battling with from an operational and value proposition. Apart from this, there are also many data privacy and IP related issues constantly hindering the organizations.

The year 2022 witnessed phase shift in terms of LLMs like Chat GPT through which spear phishing attacks have grown out of proportion. With the evolving AI/ML models that are gaining widespread acceptance today, these challenges will continue to exist unless there are stringent regulatory frameworks defining the minimum measures that organizations must take to ensure data privacy and security.

Suggest a few ways for organizations to address the role of human element in cybersecurity.

The human element is the weakest link in the cybersecurity chain because technology can only assist you a certain extent, especially in the case of phishing attacks which are today increasing in number due to their nature of attack which is very unidentifiable. They are primarily designed to fool the victim that here is a sense of urgency and causing the damage as money transfer, getting access to their login credentials or many other. Creating cybersecurity awareness among their employees by conducting periodic education and training programs is the most effective tool for organizations to ensure that their employees know how to identify & act when faced with any suspicious activity.

What is the impact of cloud technology adoption on an enterprise’s cybersecurity strategy?

Traditional security challenges of operating in our own data center did exist always, moving that to the cloud extrapolates those challenges because you are now operating on a shared security model and dependent on cloud security capabilities along with your own security capabilities. As a result, this will require upgrading skillsets of your security teams, infrastructure teams, adoption of DevSecOps and many more. Access control is another area that becomes very challenging when using a hybrid model because the identity of users between the different cloud environments and on premise may vary significantly. Also, the visibility and monitoring tools that you have for your existing infrastructure may not be compatible with cloud environment, which will again lead to regulatory compliance issues.

How does network visibility contribute to early threat detection and response?

Network is the single source of truth because regardless of whether the data is encrypted on network or in clear text, the medium of transfer always is the network. Anything and everything that the attacker does is visible on the network to at least some extent. Although data on the network also can be encrypted, there are still signal intelligence techniques that help us identify whether there is an active attack, botnet activity or data exfiltration in progress on the network.

Throw some light a few emerging trends and technologies in cybersecurity that enterprises should consider for their security roadmap.

Undoubtedly zero trust is the most emerging trend today, followed closely by SaaS and XDR. However, one cannot ignore the cloud native security, privacy enhanced computing, quantum cryptography and quantum proof cryptography that are also trending a lot in the global cybersecurity space lately.

How can organizations quantify the ROI for their cybersecurity investments?

Cybersecurity investments are not easily justifiable unless there is an attack and you have successfully prevented it. As a result, they are largely justified by user metrics such as cost avoidance of an attack, i.e. the total loss in terms of monetary cost, manpower and other resources that was avoided for the enterprises because of having a stringent cybersecurity mechanisms in place.